Date:      Sat, 5 Feb 2011 19:13:35 +0000 (UTC)
From:      Doug Barton <dougb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r218334 - in stable/8: contrib/bind9 contrib/bind9/bin/check contrib/bind9/bin/dig contrib/bind9/bin/dnssec contrib/bind9/bin/named contrib/bind9/bin/named/include/named contrib/bind9/b...
Message-ID:  <201102051913.p15JDZcl037635@svn.freebsd.org>

Author: dougb
Date: Sat Feb  5 19:13:34 2011
New Revision: 218334
URL: http://svn.freebsd.org/changeset/base/218334

Log:
  Update to BIND 9.6.3, the latest from ISC on the 9.6 branch.
  
  All 9.6 users with DNSSEC validation enabled should upgrade to this
  version, or the latest version in the 9.7 branch, prior to 2011-03-31
  in order to avoid validation failures for names in .COM as described
  here:
  
  https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record
  
  In addition to the fixes for this and other bugs, there are also the
  following:
  
    * Various fixes to kerberos support, including GSS-TSIG
    * Various fixes to avoid leaking memory, and to problems that could
      prevent a clean shutdown of named

Added:
  stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6.3.html
     - copied unchanged from r218309, vendor/bind9/dist/RELEASE-NOTES-BIND-9.6.3.html
  stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6.3.pdf
     - copied unchanged from r218309, vendor/bind9/dist/RELEASE-NOTES-BIND-9.6.3.pdf
  stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6.3.txt
     - copied unchanged from r218309, vendor/bind9/dist/RELEASE-NOTES-BIND-9.6.3.txt
Deleted:
  stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6-ESV.html
  stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6-ESV.pdf
  stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6-ESV.txt
  stable/8/contrib/bind9/release-notes.css
Modified:
  stable/8/contrib/bind9/CHANGES
  stable/8/contrib/bind9/COPYRIGHT
  stable/8/contrib/bind9/README
  stable/8/contrib/bind9/bin/check/check-tool.c
  stable/8/contrib/bind9/bin/check/check-tool.h
  stable/8/contrib/bind9/bin/check/named-checkconf.c
  stable/8/contrib/bind9/bin/check/named-checkzone.c
  stable/8/contrib/bind9/bin/dig/dig.c
  stable/8/contrib/bind9/bin/dig/dighost.c
  stable/8/contrib/bind9/bin/dig/host.c
  stable/8/contrib/bind9/bin/dig/nslookup.1
  stable/8/contrib/bind9/bin/dig/nslookup.docbook
  stable/8/contrib/bind9/bin/dig/nslookup.html
  stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8
  stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html
  stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html
  stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.html
  stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.c
  stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.html
  stable/8/contrib/bind9/bin/named/builtin.c
  stable/8/contrib/bind9/bin/named/client.c
  stable/8/contrib/bind9/bin/named/control.c
  stable/8/contrib/bind9/bin/named/include/named/globals.h
  stable/8/contrib/bind9/bin/named/include/named/query.h
  stable/8/contrib/bind9/bin/named/main.c
  stable/8/contrib/bind9/bin/named/query.c
  stable/8/contrib/bind9/bin/named/server.c
  stable/8/contrib/bind9/bin/named/update.c
  stable/8/contrib/bind9/bin/named/xfrout.c
  stable/8/contrib/bind9/bin/nsupdate/nsupdate.1
  stable/8/contrib/bind9/bin/nsupdate/nsupdate.c
  stable/8/contrib/bind9/bin/nsupdate/nsupdate.docbook
  stable/8/contrib/bind9/bin/nsupdate/nsupdate.html
  stable/8/contrib/bind9/config.h.in
  stable/8/contrib/bind9/config.threads.in
  stable/8/contrib/bind9/configure.in
  stable/8/contrib/bind9/doc/arm/Bv9ARM-book.xml
  stable/8/contrib/bind9/doc/arm/Bv9ARM.ch06.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.ch07.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.ch08.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.ch09.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.pdf
  stable/8/contrib/bind9/doc/arm/man.dig.html
  stable/8/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
  stable/8/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
  stable/8/contrib/bind9/doc/arm/man.dnssec-keygen.html
  stable/8/contrib/bind9/doc/arm/man.dnssec-signzone.html
  stable/8/contrib/bind9/doc/arm/man.host.html
  stable/8/contrib/bind9/doc/arm/man.named-checkconf.html
  stable/8/contrib/bind9/doc/arm/man.named-checkzone.html
  stable/8/contrib/bind9/doc/arm/man.named.html
  stable/8/contrib/bind9/doc/arm/man.nsupdate.html
  stable/8/contrib/bind9/doc/arm/man.rndc-confgen.html
  stable/8/contrib/bind9/doc/arm/man.rndc.conf.html
  stable/8/contrib/bind9/doc/arm/man.rndc.html
  stable/8/contrib/bind9/doc/misc/options
  stable/8/contrib/bind9/lib/bind9/api
  stable/8/contrib/bind9/lib/bind9/check.c
  stable/8/contrib/bind9/lib/dns/Makefile.in
  stable/8/contrib/bind9/lib/dns/adb.c
  stable/8/contrib/bind9/lib/dns/api
  stable/8/contrib/bind9/lib/dns/dst_api.c
  stable/8/contrib/bind9/lib/dns/dst_internal.h
  stable/8/contrib/bind9/lib/dns/gssapictx.c
  stable/8/contrib/bind9/lib/dns/include/dns/diff.h
  stable/8/contrib/bind9/lib/dns/include/dns/events.h
  stable/8/contrib/bind9/lib/dns/include/dns/name.h
  stable/8/contrib/bind9/lib/dns/include/dns/ncache.h
  stable/8/contrib/bind9/lib/dns/include/dns/rdataset.h
  stable/8/contrib/bind9/lib/dns/include/dns/resolver.h
  stable/8/contrib/bind9/lib/dns/include/dns/result.h
  stable/8/contrib/bind9/lib/dns/include/dns/tsig.h
  stable/8/contrib/bind9/lib/dns/include/dns/types.h
  stable/8/contrib/bind9/lib/dns/include/dns/validator.h
  stable/8/contrib/bind9/lib/dns/include/dns/view.h
  stable/8/contrib/bind9/lib/dns/include/dns/zone.h
  stable/8/contrib/bind9/lib/dns/include/dst/dst.h
  stable/8/contrib/bind9/lib/dns/journal.c
  stable/8/contrib/bind9/lib/dns/message.c
  stable/8/contrib/bind9/lib/dns/name.c
  stable/8/contrib/bind9/lib/dns/ncache.c
  stable/8/contrib/bind9/lib/dns/openssl_link.c
  stable/8/contrib/bind9/lib/dns/rbtdb.c
  stable/8/contrib/bind9/lib/dns/rdata.c
  stable/8/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c
  stable/8/contrib/bind9/lib/dns/rdata/generic/nsec_47.c
  stable/8/contrib/bind9/lib/dns/rdata/generic/rrsig_46.c
  stable/8/contrib/bind9/lib/dns/rdatalist.c
  stable/8/contrib/bind9/lib/dns/rdataset.c
  stable/8/contrib/bind9/lib/dns/rdataslab.c
  stable/8/contrib/bind9/lib/dns/resolver.c
  stable/8/contrib/bind9/lib/dns/result.c
  stable/8/contrib/bind9/lib/dns/rootns.c
  stable/8/contrib/bind9/lib/dns/sdb.c
  stable/8/contrib/bind9/lib/dns/sdlz.c
  stable/8/contrib/bind9/lib/dns/time.c
  stable/8/contrib/bind9/lib/dns/tkey.c
  stable/8/contrib/bind9/lib/dns/tsig.c
  stable/8/contrib/bind9/lib/dns/validator.c
  stable/8/contrib/bind9/lib/dns/view.c
  stable/8/contrib/bind9/lib/dns/zone.c
  stable/8/contrib/bind9/lib/isc/Makefile.in
  stable/8/contrib/bind9/lib/isc/api
  stable/8/contrib/bind9/lib/isc/entropy.c
  stable/8/contrib/bind9/lib/isc/include/isc/mem.h
  stable/8/contrib/bind9/lib/isc/include/isc/platform.h.in
  stable/8/contrib/bind9/lib/isc/include/isc/task.h
  stable/8/contrib/bind9/lib/isc/mem.c
  stable/8/contrib/bind9/lib/isc/nothreads/Makefile.in
  stable/8/contrib/bind9/lib/isc/print.c
  stable/8/contrib/bind9/lib/isc/pthreads/mutex.c
  stable/8/contrib/bind9/lib/isc/task.c
  stable/8/contrib/bind9/lib/isc/unix/socket.c
  stable/8/contrib/bind9/lib/isccfg/api
  stable/8/contrib/bind9/lib/isccfg/namedconf.c
  stable/8/contrib/bind9/lib/lwres/man/lwres.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_buffer.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_config.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_context.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_gabn.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_gethostent.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_getipnode.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_gnba.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_hstrerror.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_inetntop.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_noop.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_packet.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_resutil.html
  stable/8/contrib/bind9/lib/lwres/print_p.h
  stable/8/contrib/bind9/version
  stable/8/lib/bind/config.h
  stable/8/lib/bind/dns/code.h
  stable/8/lib/bind/dns/dns/enumclass.h
  stable/8/lib/bind/dns/dns/enumtype.h
  stable/8/lib/bind/dns/dns/rdatastruct.h
  stable/8/lib/bind/isc/isc/platform.h
Directory Properties:
  stable/8/contrib/bind9/   (props changed)

Modified: stable/8/contrib/bind9/CHANGES
==============================================================================
--- stable/8/contrib/bind9/CHANGES	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/CHANGES	Sat Feb  5 19:13:34 2011	(r218334)
@@ -1,5 +1,54 @@
+	--- 9.6.3 released ---
 
-	--- 9.6-ESV-R3 released ---
+3009.	[bug]		clients-per-query code didn't work as expected with
+			particular query patterns. [RT #22972]
+
+	--- 9.6.3rc1 released ---
+
+3007.	[bug]		Named failed to preserve the case of domain names in
+			rdata which is not compressible when writing master
+			files.  [RT #22863]
+
+3002.	[bug]		isc_mutex_init_errcheck() failed to destroy attr.
+			[RT #22766]
+
+2996.	[security]	Temporarily disable SO_ACCEPTFILTER support.
+			[RT #22589]
+
+2995.	[bug]		The Kerberos realm was not being correctly extracted
+			from the signer's identity. [RT #22770]
+
+2994.	[port]		NetBSD: use pthreads by default on NetBSD >= 5.0, and
+			do not use threads on earlier versions.  Also kill
+			the unproven-pthreads, mit-pthreads, and ptl2 support.
+
+2984.	[bug]		Don't run MX checks when the target of the MX record
+			is ".".  [RT #22645]
+
+2817.	[cleanup]	Removed unnecessary isc_task_endexclusive() calls.
+			[RT #20768]
+
+	--- 9.6.3b1 released ---
+
+2982.	[bug]		Reference count dst keys.  dst_key_attach() can be used
+			increment the reference count.
+
+			Note: dns_tsigkey_createfromkey() callers should now
+			always call dst_key_free() rather than setting it
+			to NULL on success. [RT #22672]
+
+2979.	[bug]		named could deadlock during shutdown if two
+			"rndc stop" commands were issued at the same
+			time. [RT #22108]
+
+2978.	[port]		hpux: look for <devpoll.h> [RT #21919]
+
+2976.	[bug]		named could die on exit after negotiating a GSS-TSIG
+			key. [RT #22573]
+
+2975.	[bug]		rbtdb.c:cleanup_dead_nodes_callback() aquired the
+			wrong lock which could lead to server deadlock.
+			[RT #22614]
 
 2972.	[bug]		win32: address windows socket errors. [RT #21906]
 
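Review bot: entry 2996 is the only [security] item in this hunk, yet it says nothing beyond "Temporarily disable SO_ACCEPTFILTER support", and the commit log above does not mention it at all. The release notes imported in this same commit attribute it to a NetBSD and FreeBSD kernel bug that allows a TCP DoS, so for a stable/8 import the log should call it out and say where re-enabling will be tracked once the kernel is fixed. Minor, for upstream: "aquired" in 2975 and the missing "to" in "can be used increment" in 2982.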
@@ -36,6 +85,9 @@
 			justified character with a non zero width,
 			(e.g. "%-1c"). [RT #22270]
 
+2965.	[func]		Test HMAC functions using test data from RFC 2104 and
+			RFC 4634. [RT #21702]
+
 2964.	[bug]		view->queryacl was being overloaded.  Seperate the
 			usage into view->queryacl, view->cacheacl and
 			view->queryonacl. [RT #22114]
@@ -43,6 +95,25 @@
 2962.	[port]		win32: add more dependencies to BINDBuild.dsw.
 			[RT #22062]
 
+2960.	[func]		Check that named accepts non-authoritative answers.
+			[RT #21594]
+
+2959.	[func]		Check that named starts with a missing masterfile.
+			[RT #22076]
+
+2957.	[bug]		entropy_get() and entropy_getpseudo() failed to match
+			the API for RAND_bytes() and RAND_pseudo_bytes()
+			respectively. [RT #21962]
+
+2956.	[port]		Enable atomic operations on the PowerPC64. [RT #21899]
+
+2954.	[bug]		contrib: dlz_mysql_driver.c bad error handling on
+			build_sqldbinstance failure. [RT #21623]
+
+2953.	[bug]		Silence spurious "expected covering NSEC3, got an
+			exact match" message when returning a wildcard
+			no data response. [RT #21744]
+
 2952.	[port]		win32: named-checkzone and named-checkconf failed
 			to initialise winsock. [RT #21932]
 
@@ -50,7 +121,23 @@
 			in a optout, delegation only zone with no secure
 			delegations. [RT #22007]
 
-	--- 9.6-ESV-R2 released ---
+2950.	[bug]		named failed to perform a SOA up to date check when
+			falling back to TCP on UDP timeouts when
+			ixfr-from-differences was set. [RT #21595]
+
+2946.	[doc]		Document the default values for the minimum and maximum
+			zone refresh and retry values in the ARM. [RT #21886]
+
+2945.	[doc]		Update empty-zones list in ARM. [RT #21772]
+
+2944.	[maint]		Remove ORCHID prefix from built in empty zones.
+			[RT #21772]
+
+2942.	[contrib]	zone2sqlite failed to setup the entropy sources.
+			[RT #21610]
+
+2941.	[bug]		sdb and sdlz (dlz's zone database) failed to support
+			DNAME at the zone apex.  [RT #21610]
 
 2939.	[func]		Check that named successfully skips NSEC3 records
 			that fail to match the NSEC3PARAM record currently
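Review bot: the "--- 9.6-ESV-R2 released ---" marker is dropped in this hunk (as the ESV-R3 marker is at the top of the file), and entries 2950 through 2941 are inserted in its place, so CHANGES no longer shows which fixes stable/8 already carried from the ESV releases and which are new with 9.6.3. Since the r218333 side of this diff was on the ESV line, a sentence in the commit log naming the previous version would let anyone auditing a stable/8 host tell what actually changed.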
@@ -73,31 +160,173 @@
 			likely that the bug happens only when enabling threads,
 			but it's not confirmed yet. [RT #21818]
 
+2935.	[bug]		nsupdate: improve 'file not found' error message.
+			[RT #21871]
+
+2934.	[bug]		Use ANSI C compliant shift range in lib/isc/entropy.c.
+			[RT #21871]
+
+2933.	[bug]		'dig +nsid' used stack memory after it went out of
+			scope.  This could potentially result in a unknown,
+			potentially malformed, EDNS option being sent instead
+			of the desired NSID option. [RT #21781]
+
+2932.	[cleanup]	Corrected a numbering error in the "dnssec" test.
+			[RT #21597]
+
+2931.	[bug]		Temporarily and partially disable change 2864
+			because it would cause infinite attempts of RRSIG
+			queries.  This is an urgent care fix; we'll
+			revisit the issue and complete the fix later.
+			[RT #21710]
+
+2929.	[bug]		Improved handling of GSS security contexts:
+			 - added LRU expiration for generated TSIGs
+			 - added the ability to use a non-default realm
+                         - added new "realm" keyword in nsupdate
+			 - limited lifetime of generated keys to 1 hour
+			   or the lifetime of the context (whichever is
+			   smaller)
+			[RT #19737]
+
 2925.	[bug]		Named failed to accept uncachable negative responses
 			from insecure zones. [RT# 21555]
 
+2923.	[bug]		'dig +trace' could drop core after "connection
+			timeout". [RT #21514]
+
+2922.	[contrib]	Update zkt to version 1.0.
+
 2921.	[bug]		The resolver could attempt to destroy a fetch context
 			too soon.  [RT #19878]
 
+2918.	[maint]		Add AAAA address for I.ROOT-SERVERS.NET.
+
+2916.	[func]		Add framework to use IPv6 in tests.
+			fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
+
+2915.	[cleanup]	Be smarter about which objects we attempt to compile
+			based on configure options. [RT #21444]
+
+2912.	[func]		Windows clients don't like UPDATE responses that clear
+			the zone section. [RT #20986]
+
+2911.	[bug]		dnssec-signzone didn't handle out of zone records well.
+			[RT #21367]
+
+2910.	[func]		Sanity check Kerberos credentials. [RT #20986]
+
+2908.	[bug]		It was possible for re-signing to stop after removing
+			a DNSKEY. [RT #21384]
+
+2905.	[port]		aix: set use_atomic=yes with native compiler.
+			[RT #21402]
+
+2904.   [bug]           When using DLV, sub-zones of the zones in the DLV,
+			could be incorrectly marked as insecure instead of
+			secure leading to negative proofs failing.  This was
+			a unintended outcome from change 2890. [RT# 21392]
+
+2901.	[port]		Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
+
 2900.	[bug]		The placeholder negative caching element was not
-			properly constructed triggering a INSIST in 
+			properly constructed triggering a INSIST in
 			dns_ncache_towire(). [RT #21346]
-			
+
+2899.	[port]		win32: Support linking against OpenSSL 1.0.0.
+
+2898.	[bug]		nslookup leaked memory when -domain=value was
+			specified. [RT #21301]
+
+2894.	[contrib]	DLZ LDAP support now use '$' not '%'. [RT #21294]
+
+2891.	[maint]		Update empty-zones list to match
+			draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
+
 2890.	[bug]		Handle the introduction of new trusted-keys and
 			DS, DLV RRsets better. [RT #21097]
 
-2869.	[bug]		Fix arguments to dns_keytable_findnextkeynode() call.
-			[RT #20877]
+2889.	[bug]		Elements of the grammar where not properly reported.
+			[RT #21046]
+
+2888.	[bug]		Only the first EDNS option was displayed. [RT #21273]
+
+2885.	[bug]		Improve -fno-strict-aliasing support probing in
+			configure. [RT #21080]
+
+2884.	[bug]		Insufficient validation in dns_name_getlabelsequence().
+			[RT #21283]
+
+2883.	[bug]		'dig +short' failed to handle really large datasets.
+			[RT #21113]
+
+2882.	[bug]		Remove memory context from list of active contexts
+			before clearing 'magic'. [RT #21274]
+
+2881.	[bug]		Reduce the amount of time the rbtdb write lock
+			is held when closing a version. [RT #21198]
+
+2879.	[contrib]	DLZ bdbhpt driver fails to close correct cursor.
+			[RT #21106]
 
-	--- 9.6-ESV-R1 released ---
+2877.	[bug]		The validator failed to skip obviously mismatching
+			RRSIGs. [RT #21138]
 
 2876.	[bug]		Named could return SERVFAIL for negative responses
 			from unsigned zones. [RT #21131]
 
-	--- 9.6-ESV released ---
+2875.	[bug]		dns_time64_fromtext() could accept non digits.
+			[RT #21033]
+
+2874.	[bug]		Cache lack of EDNS support only after the server
+			successfully responds to the query using plain DNS.
+			[RT #20930]
+
+2870.	[maint]		Add AAAA address for L.ROOT-SERVERS.NET.
+
+2869.	[bug]		Fix arguments to dns_keytable_findnextkeynode() call.
+			[RT #20877]
+
+2868.	[cleanup]	Run "make clean" at the end of configure to ensure
+			any changes made by configure are integrated.
+			Use --with-make-clean=no to disable.  [RT #20994]
+
+2867.	[bug]		Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
+			don't like it.  [RT #20986]
+
+2866.	[bug]		Windows does not like the TSIG name being compressed.
+			[RT #20986]
+
+2865.	[bug]		memset to zero event.data.  [RT #20986]
+
+2864.	[bug]		Direct SIG/RRSIG queries were not handled correctly.
+			[RT #21050]
+
+2863.	[port]		linux: disable IPv6 PMTUD and use network minimum MTU.
+			[RT #21056]
+
+2862.	[bug]		nsupdate didn't default to the parent zone when
+			updating DS records. [RT #20896]
+
+2859.	[bug]		When cancelling validation it was possible to leak
+			memory. [RT #20800]
+
+2858.	[bug]		RTT estimates were not being adjusted on ICMP errors.
+			[RT #20772]
+
+2857.	[bug]		named-checkconf did not fail on a bad trusted key.
+			[RT #20705]
+
+2856.	[bug]		The size of a memory allocation was not always properly
+			recorded. [RT #20927]
+
+2853.	[bug]		add_sigs() could run out of scratch space. [RT #21015]
 
 2852.	[bug]		Handle broken DNSSEC trust chains better. [RT #15619]
 
+2851.	[doc]		nslookup.1, removed <informalexample> from the docbook
+			source as it produced bad nroff.  [RT #21007]
+
 	--- 9.6.2 released ---
 
 2850.	[bug]		If isc_heap_insert() failed due to memory shortage
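Review bot: entries 2864 and 2931 both arrive in this hunk, and 2931 "temporarily and partially" disables 2864 because it "would cause infinite attempts of RRSIG queries", with the complete fix deferred. The net behaviour for direct SIG/RRSIG queries after this import is therefore not what either entry states on its own; please note in the log that 2864 is only partly in effect. Separately, 2884 ("Insufficient validation in dns_name_getlabelsequence()") and 2933 ('dig +nsid' using stack memory after it went out of scope) are tagged [bug] but are input-validation and memory-safety fixes, so they deserve a mention alongside the DNSSEC item.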
@@ -138,10 +367,10 @@
 
 2823.	[bug]		rbtdb.c:getsigningtime() was missing locks. [RT #20781]
 
-2819.	[cleanup]	Removed unnecessary DNS_POINTER_MAXHOPS define
+2819.	[cleanup]	Removed unnecessary DNS_POINTER_MAXHOPS define.
 			[RT #20771]
 
-2818.	[cleanup]	rndc could return an incorrect error code 
+2818.	[cleanup]	rndc could return an incorrect error code
 			when a zone was not found. [RT #20767]
 
 2815.	[bug]		Exclusively lock the task when freezing a zone.
@@ -357,7 +586,7 @@
 
 2621.	[doc]		Made copyright boilterplate consistent.  [RT #19833]
 
-2920.	[bug]		Delay thawing the zone until the reload of it has
+2620.	[bug]		Delay thawing the zone until the reload of it has
 			completed successfully.  [RT #19750]
 
 2618.	[bug]		The sdb and sdlz db_interator_seek() methods could

Modified: stable/8/contrib/bind9/COPYRIGHT
==============================================================================
--- stable/8/contrib/bind9/COPYRIGHT	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/COPYRIGHT	Sat Feb  5 19:13:34 2011	(r218334)
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 1996-2003  Internet Software Consortium.
 
 Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN
 OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
 
-$Id: COPYRIGHT,v 1.14.176.2 2010/01/07 23:47:36 tbox Exp $
+$Id: COPYRIGHT,v 1.14.176.3 2011-01-04 23:45:42 tbox Exp $
 
 Portions Copyright (C) 1996-2001  Nominum, Inc.
 

Modified: stable/8/contrib/bind9/README
==============================================================================
--- stable/8/contrib/bind9/README	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/README	Sat Feb  5 19:13:34 2011	(r218334)
@@ -42,11 +42,9 @@ BIND 9
 		Stichting NLnet - NLnet Foundation
 		Nominum, Inc.
 
-BIND 9.6-ESV (Extended Support Version)
+BIND 9.6.3
 
-	BIND 9.6-ESV will be supported until March 31, 2013, at
-	which time you will need to upgrade to the current release
-	of BIND.
+	BIND 9.6.3 is a maintenance release, fixing bugs in 9.6.2.
 
 BIND 9.6.2
 
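Review bot: the removed lines were the only statement of a support horizon ("BIND 9.6-ESV will be supported until March 31, 2013"), and the replacement text gives none. If stable/8 is leaving the ESV track with this import, say so in the commit log. Also, "fixing bugs in 9.6.2" undersells the update, since the release notes added in this commit list CVE-2010-3613 and CVE-2010-3614 under Security Fixes for 9.6.2-P3.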

Copied: stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6.3.html (from r218309, vendor/bind9/dist/RELEASE-NOTES-BIND-9.6.3.html)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6.3.html	Sat Feb  5 19:13:34 2011	(r218334, copy of r218309, vendor/bind9/dist/RELEASE-NOTES-BIND-9.6.3.html)
@@ -0,0 +1,165 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">;
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article"><div class="titlepage"><hr /></div>
+
+  <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3026830"></a>Introduction</h2></div></div></div>
+    
+    <p>
+			BIND 9.6.3 is the current release of BIND 9.6.
+		</p>
+    <p>
+			This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.3.
+			Please see the CHANGES file in the source code release for a
+			complete list of all changes.
+		</p>
+  </div>
+
+  <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893341"></a>Download</h2></div></div></div>
+    
+    <p>
+			The latest development version of BIND 9 software can always be found
+	 		on our web site at
+      <a class="ulink" href="http://www.isc.org/downloads/development" target="_top">http://www.isc.org/downloads/development</a>.
+  		There you will find additional information about each release,
+ 			source code, and some pre-compiled versions for certain operating
+ 			systems.
+		</p>
+  </div>
+
+  <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3026768"></a>Support</h2></div></div></div>
+    
+    <p>Product support information is available on
+      <a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>;
+      for paid support options.  Free support is provided by our user
+ 			community via a mailing list.  Information on all public email
+ 			lists is available at
+      <a class="ulink" href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
+    </p>
+  </div>
+
+  <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893404"></a>New Features</h2></div></div></div>
+    
+		<div class="section" title="9.6.3"><div class="titlepage"><div><div><h3 class="title"><a id="id3893409"></a>9.6.3</h3></div></div></div>
+			
+			<p>None.</p>
+		</div>
+	</div>
+
+  <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893420"></a>Feature Changes</h2></div></div></div>
+    
+		<div class="section" title="9.6.3"><div class="titlepage"><div><div><h3 class="title"><a id="id3893425"></a>9.6.3</h3></div></div></div>
+			
+			<p>None.</p>
+		</div>
+  </div>
+
+  <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893436"></a>Security Fixes</h2></div></div></div>
+    
+		<div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id3893441"></a>9.6.2-P3</h3></div></div></div>
+			
+	    <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+				 	Adding a NO DATA signed negative response to cache failed to clear
+				  any matching RRSIG records already in cache. A subsequent lookup
+				  of the cached NO DATA entry could crash named (INSIST) when the
+				  unexpected RRSIG was also returned with the NO DATA cache entry.
+				  [RT #22288] [CVE-2010-3613] [VU#706148]
+				</li><li class="listitem">
+					BIND, acting as a DNSSEC validator, was determining if the NS RRset
+				  is insecure based on a value that could mean either that the RRset
+				  is actually insecure or that there wasn't a matching key for the RRSIG
+				  in the DNSKEY RRset when resuming from validating the DNSKEY RRset.
+				  This can happen when in the middle of a DNSKEY algorithm rollover,
+				  when two different algorithms were used to sign a zone but only the
+				  new set of keys are in the zone DNSKEY RRset.
+					[RT #22309] [CVE-2010-3614] [VU#837744]
+				</li></ul></div>
+		</div>
+  </div>
+
+  <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3026756"></a>Bug Fixes</h2></div></div></div>
+    
+			<div class="section" title="9.6.3"><div class="titlepage"><div><div><h3 class="title"><a id="id3026817"></a>9.6.3</h3></div></div></div>
+			
+	    <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+				BIND now builds with threads disabled in versions of NetBSD earlier
+                                than 5.0 and with pthreads enabled by default in NetBSD versions 5.0
+                                and higher. Also removes support for unproven-pthreads, mit-pthreads
+                                and ptl2. [RT #19203]
+				</li><li class="listitem">
+				HPUX now correctly defaults to using /dev/poll, which should
+				increase performance. [RT #21919]
+				</li><li class="listitem">
+			        If named is running as a threaded application, after an "rndc stop"
+			        command has been issued, other inbound TCP requests can cause named
+			        to hang and never complete shutdown. [RT #22108]
+				</li><li class="listitem">
+				When performing a GSS-TSIG signed dynamic zone update, memory could be
+				leaked. This causes an unclean shutdown and may affect long-running
+				servers. [RT #22573]
+				</li><li class="listitem">
+                                A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows
+                                for a TCP DoS attack. Until there is a kernel fix, ISC is disabling
+                                SO_ACCEPTFILTER support in BIND. [RT #22589]
+				</li><li class="listitem">
+				Corrected a defect where a combination of dynamic updates and zone 
+				transfers incorrectly locked the in-memory zone database, causing
+				named to freeze. [RT #22614]
+				</li><li class="listitem">
+                                Don't run MX checks (check-mx) when the MX record points to ".".
+                                [RT #22645]
+				</li><li class="listitem">
+                                DST key reference counts can now be incremented via dst_key_attach.
+                                [RT #22672]
+				</li><li class="listitem">
+				isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy attr. [RT #22766]
+				</li><li class="listitem">
+                                 The Kerberos realm was being truncated when being pulled from the
+                                 the host prinicipal, make krb5-self updates fail. [RT #22770]
+				</li><li class="listitem">
+				named failed to preserve the case of domain names in RDATA which is not compressible when writing master files. [RT #22863]
+				</li><li class="listitem">
+There was a bug in how the clients-per-query code worked with some
+query patterns. This could result, in rare circumstances, in having all
+the client query slots filled with queries for the same DNS label,
+essentially ignoring the max-clients-per-query setting.
+[RT #22972]
+				</li></ul></div>
+		</div>
+		<div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id3893557"></a>9.6.2-P3</h3></div></div></div>
+			
+	    <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+					Worked around a race condition in the cache database memory
+					handling.  Without this fix a DNS cache DB or ADB could
+					incorrectly stay in an over memory state, effectively refusing
+					further caching, which subsequently made a BIND 9 caching
+					server unworkable.
+					[RT #21818]
+				</li><li class="listitem">
+					Microsoft changed the behavior of sockets between NT/XP based
+				  stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
+				  behavior, 2008r2 has the new behavior. With the change, different
+				  error results are possible, so ISC adapted BIND to handle the new
+				  error results.
+				  This resolves an issue where sockets would shut down on
+				  Windows servers causing named to stop responding to queries.
+					[RT #21906]
+				</li><li class="listitem">
+				 	Windows has non-POSIX compliant behavior in its rename() and unlink()
+				  calls. This caused journal compaction to fail on Windows BIND servers
+				  with the log error: "dns_journal_compact failed: failure".
+					[RT #22434]
+				</li></ul></div>
+
+		</div>
+  </div>
+
+  <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893594"></a>Thank You</h2></div></div></div>
+    
+    <p>
+      Thank you to everyone who assisted us in making this release possible.
+      If you would like to contribute to ISC to assist us in continuing to make
+      quality open source software, please visit our donations page at
+      <a class="ulink" href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
+    </p>
+  </div>
+</div></body></html>
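Review bot: the head of this new file links a stylesheet (href="release-notes.css"), but stable/8/contrib/bind9/release-notes.css is in this commit's Deleted list, so the page will render unstyled unless the stylesheet is kept or the link is dropped. Also, the SO_ACCEPTFILTER item ("allows for a TCP DoS attack") sits under Bug Fixes here while CHANGES tags it [security] as 2996, and there are typos worth reporting upstream: "phtreads/mutex.c", "prinicipal" and the doubled "the the" in the Kerberos realm item.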

Copied: stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6.3.pdf (from r218309, vendor/bind9/dist/RELEASE-NOTES-BIND-9.6.3.pdf)
==============================================================================
Binary file (source and/or target). No diff available.

Copied: stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6.3.txt (from r218309, vendor/bind9/dist/RELEASE-NOTES-BIND-9.6.3.txt)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/8/contrib/bind9/RELEASE-NOTES-BIND-9.6.3.txt	Sat Feb  5 19:13:34 2011	(r218334, copy of r218309, vendor/bind9/dist/RELEASE-NOTES-BIND-9.6.3.txt)
@@ -0,0 +1,118 @@
+     __________________________________________________________________
+
+Introduction
+
+   BIND 9.6.3 is the current release of BIND 9.6.
+
+   This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.3.
+   Please see the CHANGES file in the source code release for a complete
+   list of all changes.
+
+Download
+
+   The latest development version of BIND 9 software can always be found
+   on our web site at http://www.isc.org/downloads/development. There you
+   will find additional information about each release, source code, and
+   some pre-compiled versions for certain operating systems.
+
+Support
+
+   Product support information is available on
+   http://www.isc.org/services/support for paid support options. Free
+   support is provided by our user community via a mailing list.
+   Information on all public email lists is available at
+   https://lists.isc.org/mailman/listinfo.
+
+New Features
+
+9.6.3
+
+   None.
+
+Feature Changes
+
+9.6.3
+
+   None.
+
+Security Fixes
+
+9.6.2-P3
+
+     * Adding a NO DATA signed negative response to cache failed to clear
+       any matching RRSIG records already in cache. A subsequent lookup of
+       the cached NO DATA entry could crash named (INSIST) when the
+       unexpected RRSIG was also returned with the NO DATA cache entry.
+       [RT #22288] [CVE-2010-3613] [VU#706148]
+     * BIND, acting as a DNSSEC validator, was determining if the NS RRset
+       is insecure based on a value that could mean either that the RRset
+       is actually insecure or that there wasn't a matching key for the
+       RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY
+       RRset. This can happen when in the middle of a DNSKEY algorithm
+       rollover, when two different algorithms were used to sign a zone
+       but only the new set of keys are in the zone DNSKEY RRset. [RT
+       #22309] [CVE-2010-3614] [VU#837744]
+
+Bug Fixes
+
+9.6.3
+
+     * BIND now builds with threads disabled in versions of NetBSD earlier
+       than 5.0 and with pthreads enabled by default in NetBSD versions
+       5.0 and higher. Also removes support for unproven-pthreads,
+       mit-pthreads and ptl2. [RT #19203]
+     * HPUX now correctly defaults to using /dev/poll, which should
+       increase performance. [RT #21919]
+     * If named is running as a threaded application, after an "rndc stop"
+       command has been issued, other inbound TCP requests can cause named
+       to hang and never complete shutdown. [RT #22108]
+     * When performing a GSS-TSIG signed dynamic zone update, memory could
+       be leaked. This causes an unclean shutdown and may affect
+       long-running servers. [RT #22573]
+     * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
+       allows for a TCP DoS attack. Until there is a kernel fix, ISC is
+       disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
+     * Corrected a defect where a combination of dynamic updates and zone
+       transfers incorrectly locked the in-memory zone database, causing
+       named to freeze. [RT #22614]
+     * Don't run MX checks (check-mx) when the MX record points to ".".
+       [RT #22645]
+     * DST key reference counts can now be incremented via dst_key_attach.
+       [RT #22672]
+     * isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy
+       attr. [RT #22766]
+     * The Kerberos realm was being truncated when being pulled from the
+       the host prinicipal, make krb5-self updates fail. [RT #22770]
+     * named failed to preserve the case of domain names in RDATA which is
+       not compressible when writing master files. [RT #22863]
+     * There was a bug in how the clients-per-query code worked with some
+       query patterns. This could result, in rare circumstances, in having
+       all the client query slots filled with queries for the same DNS
+       label, essentially ignoring the max-clients-per-query setting. [RT
+       #22972]
+
+9.6.2-P3
+
+     * Worked around a race condition in the cache database memory
+       handling. Without this fix a DNS cache DB or ADB could incorrectly
+       stay in an over memory state, effectively refusing further caching,
+       which subsequently made a BIND 9 caching server unworkable. [RT
+       #21818]
+     * Microsoft changed the behavior of sockets between NT/XP based
+       stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
+       behavior, 2008r2 has the new behavior. With the change, different
+       error results are possible, so ISC adapted BIND to handle the new
+       error results. This resolves an issue where sockets would shut down
+       on Windows servers causing named to stop responding to queries. [RT
+       #21906]
+     * Windows has non-POSIX compliant behavior in its rename() and
+       unlink() calls. This caused journal compaction to fail on Windows
+       BIND servers with the log error: "dns_journal_compact failed:
+       failure". [RT #22434]
+
+Thank You
+
+   Thank you to everyone who assisted us in making this release possible.
+   If you would like to contribute to ISC to assist us in continuing to
+   make quality open source software, please visit our donations page at
+   http://www.isc.org/supportisc.
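Review bot: Three typos in the 9.6.3 Bug Fixes list of this file: "phtreads/mutex.c" (pthreads), "the the host prinicipal" (doubled word, and "principal"), and "make krb5-self updates fail" (making). The file is copied unchanged from vendor/bind9/dist, so these are better reported upstream than fixed locally.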

Modified: stable/8/contrib/bind9/bin/check/check-tool.c
==============================================================================
--- stable/8/contrib/bind9/bin/check/check-tool.c	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/bin/check/check-tool.c	Sat Feb  5 19:13:34 2011	(r218334)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.35.36.3.24.2 2010/09/07 23:46:25 tbox Exp $ */
+/* $Id: check-tool.c,v 1.35.36.5 2010-09-07 23:46:05 tbox Exp $ */
 
 /*! \file */
 

Modified: stable/8/contrib/bind9/bin/check/check-tool.h
==============================================================================
--- stable/8/contrib/bind9/bin/check/check-tool.h	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/bin/check/check-tool.h	Sat Feb  5 19:13:34 2011	(r218334)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.14.628.2 2010/09/07 23:46:26 tbox Exp $ */
+/* $Id: check-tool.h,v 1.14.334.2 2010-09-07 23:46:05 tbox Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H

Modified: stable/8/contrib/bind9/bin/check/named-checkconf.c
==============================================================================
--- stable/8/contrib/bind9/bin/check/named-checkconf.c	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/bin/check/named-checkconf.c	Sat Feb  5 19:13:34 2011	(r218334)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.46.222.2.24.2 2010/09/07 23:46:26 tbox Exp $ */
+/* $Id: named-checkconf.c,v 1.46.222.4 2010-09-07 23:46:05 tbox Exp $ */
 
 /*! \file */
 

Modified: stable/8/contrib/bind9/bin/check/named-checkzone.c
==============================================================================
--- stable/8/contrib/bind9/bin/check/named-checkzone.c	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/bin/check/named-checkzone.c	Sat Feb  5 19:13:34 2011	(r218334)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.51.34.4.10.2 2010/09/07 23:46:26 tbox Exp $ */
+/* $Id: named-checkzone.c,v 1.51.34.6 2010-09-07 23:46:06 tbox Exp $ */
 
 /*! \file */
 

Modified: stable/8/contrib/bind9/bin/dig/dig.c
==============================================================================
--- stable/8/contrib/bind9/bin/dig/dig.c	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/bin/dig/dig.c	Sat Feb  5 19:13:34 2011	(r218334)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.225.26.4 2009/05/06 10:18:33 fdupont Exp $ */
+/* $Id: dig.c,v 1.225.26.7 2010-05-13 00:43:37 marka Exp $ */
 
 /*! \file */
 
@@ -306,6 +306,8 @@ say_message(dns_rdata_t *rdata, dig_quer
 		ADD_STRING(buf, " ");
 	}
 	result = dns_rdata_totext(rdata, NULL, buf);
+	if (result == ISC_R_NOSPACE)
+		return (result);
 	check_result(result, "dns_rdata_totext");
 	if (query->lookup->identify) {
 		TIME_NOW(&now);
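Review bot: The new ISC_R_NOSPACE early return in say_message() bypasses check_result(), so callers now have to treat that result specially, yet nothing at this site says what they are expected to do with it. A one-line comment above the check stating the contract would help. Note also that the ADD_STRING(buf, " ") just above may already have written to buf before the return is taken.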
@@ -328,10 +330,8 @@ short_answer(dns_message_t *msg, dns_mes
 {
 	dns_name_t *name;
 	dns_rdataset_t *rdataset;
-	isc_buffer_t target;
 	isc_result_t result, loopresult;
 	dns_name_t empty_name;
-	char t[4096];
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 
 	UNUSED(flags);
@@ -347,8 +347,6 @@ short_answer(dns_message_t *msg, dns_mes
 		name = NULL;
 		dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
 
-		isc_buffer_init(&target, t, sizeof(t));
-
 		for (rdataset = ISC_LIST_HEAD(name->list);
 		     rdataset != NULL;
 		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
@@ -357,6 +355,8 @@ short_answer(dns_message_t *msg, dns_mes
 				dns_rdataset_current(rdataset, &rdata);
 				result = say_message(&rdata, query,
 						     buf);
+				if (result == ISC_R_NOSPACE)
+					return (result);
 				check_result(result, "say_message");
 				loopresult = dns_rdataset_next(rdataset);
 				dns_rdata_reset(&rdata);
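Review bot: The return on ISC_R_NOSPACE inside the rdataset loop leaves short_answer() part-way through the answer section, after earlier say_message() calls may already have appended records to buf. Please document that the caller must discard the contents of buf before retrying, otherwise records will be emitted twice.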
@@ -505,6 +505,8 @@ printmessage(dig_query_t *query, dns_mes
 				printf(" ad");
 			if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0)
 				printf(" cd");
+			if ((msg->flags & 0x0040U) != 0)
+				printf("; MBZ: 0x4");
 
 			printf("; QUERY: %u, ANSWER: %u, "
 			       "AUTHORITY: %u, ADDITIONAL: %u\n",

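Review bot: The mask 0x0040U in printmessage() is a bare literal sitting next to the named DNS_MESSAGEFLAG_CD test, and the printed text "; MBZ: 0x4" does not obviously correspond to it. Suggest a named constant for the bit and a short comment explaining why the value is reported as 0x4.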
Modified: stable/8/contrib/bind9/bin/dig/dighost.c
==============================================================================
--- stable/8/contrib/bind9/bin/dig/dighost.c	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/bin/dig/dighost.c	Sat Feb  5 19:13:34 2011	(r218334)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.311.70.11 2009/11/10 17:27:13 each Exp $ */
+/* $Id: dighost.c,v 1.311.70.17 2010-12-09 01:12:54 marka Exp $ */
 
 /*! \file
  *  \note
@@ -246,7 +246,7 @@ isc_result_t	  opentmpkey(isc_mem_t *mct
 			     char **tempp, FILE **fp);
 isc_result_t	  removetmpkey(isc_mem_t *mctx, const char *file);
 void		  clean_trustedkey(void);
-void		  insert_trustedkey(dst_key_t  * key);
+void		  insert_trustedkey(dst_key_t **key);
 #if DIG_SIGCHASE_BU
 isc_result_t	  getneededrr(dns_message_t *msg);
 void		  sigchase_bottom_up(dns_message_t *msg);
@@ -970,7 +970,6 @@ setup_file_key(void) {
 		       keynametext, isc_result_totext(result));
 		goto failure;
 	}
-	dstkey = NULL;
  failure:
 	if (dstkey != NULL)
 		dst_key_free(&dstkey);
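Review bot: With "dstkey = NULL;" removed, the success path of setup_file_key() now falls through into failure: and calls dst_key_free(&dstkey). That is only correct if the code above the label took its own reference to the key, which is not visible in this hunk; please confirm. The label is also no longer failure-only, so a name such as cleanup: would read better.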
@@ -990,12 +989,21 @@ make_searchlist_entry(char *domain) {
 }
 
 static void
+clear_searchlist(void) {
+	dig_searchlist_t *search;
+	while ((search = ISC_LIST_HEAD(search_list)) != NULL) {
+		ISC_LIST_UNLINK(search_list, search, link);
+		isc_mem_free(mctx, search);
+	}
+}
+
+static void
 create_search_list(lwres_conf_t *confdata) {
 	int i;
 	dig_searchlist_t *search;
 
 	debug("create_search_list()");
-	ISC_LIST_INIT(search_list);
+	clear_searchlist();
 
 	for (i = 0; i < confdata->searchnxt; i++) {
 		search = make_searchlist_entry(confdata->search[i]);
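Review bot: clear_searchlist() reads ISC_LIST_HEAD(search_list), so create_search_list() now depends on search_list already being in a valid empty state on its first call, where the old ISC_LIST_INIT(search_list) made no such assumption. A comment stating where that initialisation happens would make the dependency explicit.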
@@ -1038,7 +1046,7 @@ setup_system(void) {
 	else { /* No search list. Use the domain name if any */
 		if (lwconf->domainname != NULL) {
 			domain = make_searchlist_entry(lwconf->domainname);
-			ISC_LIST_INITANDAPPEND(search_list, domain, link);
+			ISC_LIST_APPEND(search_list, domain, link);
 			domain  = NULL;
 		}
 	}
@@ -1093,15 +1101,6 @@ setup_system(void) {
 
 }
 
-static void
-clear_searchlist(void) {
-	dig_searchlist_t *search;
-	while ((search = ISC_LIST_HEAD(search_list)) != NULL) {
-		ISC_LIST_UNLINK(search_list, search, link);
-		isc_mem_free(mctx, search);
-	}
-}
-
 /*%
  * Override the search list derived from resolv.conf by 'domain'.
  */
@@ -1201,14 +1200,15 @@ add_opt(dns_message_t *msg, isc_uint16_t
 	if (dnssec)
 		rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
 	if (nsid) {
-		unsigned char data[4];
-		isc_buffer_t buf;
+		isc_buffer_t *b = NULL;
 
-		isc_buffer_init(&buf, data, sizeof(data));
-		isc_buffer_putuint16(&buf, DNS_OPT_NSID);
-		isc_buffer_putuint16(&buf, 0);
-		rdata->data = data;
-		rdata->length = sizeof(data);
+		result = isc_buffer_allocate(mctx, &b, 4);
+		check_result(result, "isc_buffer_allocate");
+		isc_buffer_putuint16(b, DNS_OPT_NSID);
+		isc_buffer_putuint16(b, 0);
+		rdata->data = isc_buffer_base(b);
+		rdata->length = isc_buffer_usedlength(b);
+		dns_message_takebuffer(msg, &b);
 	} else {
 		rdata->data = NULL;
 		rdata->length = 0;
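Review bot: The literal 4 passed to isc_buffer_allocate() in the nsid branch replaces the old sizeof(data) with a magic number; a comment (two uint16 fields: the DNS_OPT_NSID code and a zero length) or a named constant would help. It is also worth a sentence saying that the buffer is handed to msg through dns_message_takebuffer() so that rdata->data stays valid after this block ends, since that is the reason the block-local array had to go.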
@@ -2218,6 +2218,15 @@ force_timeout(dig_lookup_t *l, dig_query
 		      isc_result_totext(ISC_R_NOMEMORY));
 	}
 	isc_task_send(global_task, &event);
+
+	/*
+	 * The timer may have expired if, for example, get_address() takes
+	 * long time and the timer was running on a different thread.
+	 * We need to cancel the possible timeout event not to confuse
+	 * ourselves due to the duplicate events.
+	 */
+	if (l->timer != NULL)
+		isc_timer_detach(&l->timer);
 }
 
 
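Review bot: isc_timer_detach(&l->timer) runs after isc_task_send(global_task, &event), so in the scenario the new comment itself describes (timer running on a different thread) the real timeout can still fire between the two calls. Is the duplicate event harmless at that point, or should the detach precede the send? Minor wording: "takes long time" should be "takes a long time".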
@@ -2241,7 +2250,7 @@ send_tcp_connect(dig_query_t *query) {
 	query->waiting_connect = ISC_TRUE;
 	query->lookup->current_query = query;
 	result = get_address(query->servname, port, &query->sockaddr);
-	if (result == ISC_R_NOTFOUND) {
+	if (result != ISC_R_SUCCESS) {
 		/*
 		 * This servname doesn't have an address.  Try the next server
 		 * by triggering an immediate 'timeout' (we lie, but the effect
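Review bot: Widening the test to result != ISC_R_SUCCESS in send_tcp_connect() means every get_address() failure is now handled as a missing address, but the comment below still reads "This servname doesn't have an address" and the actual result is never reported. Suggest updating the comment and logging isc_result_totext(result) before forcing the timeout, so other failures are not disguised as timeouts.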
@@ -2323,7 +2332,7 @@ send_udp(dig_query_t *query) {
 		/* XXX Check the sense of this, need assertion? */
 		query->waiting_connect = ISC_FALSE;
 		result = get_address(query->servname, port, &query->sockaddr);
-		if (result == ISC_R_NOTFOUND) {
+		if (result != ISC_R_SUCCESS) {
 			/* This servname doesn't have an address. */
 			force_timeout(l, query);
 			return;
@@ -3858,14 +3867,15 @@ sigchase_scanname(dns_rdatatype_t type, 
 }
 
 void
-insert_trustedkey(dst_key_t * key)
+insert_trustedkey(dst_key_t **keyp)
 {
-	if (key == NULL)
+	if (*keyp == NULL)
 		return;
 	if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
 		return;
 
-	tk_list.key[tk_list.nb_tk++] = key;
+	tk_list.key[tk_list.nb_tk++] = *keyp;
+	*keyp = NULL;
 	return;
 }
 
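Review bot: insert_trustedkey() now dereferences keyp unconditionally in "if (*keyp == NULL)" and signals ownership transfer only by setting *keyp = NULL; neither is documented. Add a REQUIRE(keyp != NULL) or an equivalent check, plus a header comment stating that the key is consumed on success and left for the caller to free when the MAX_TRUSTED_KEY limit is hit. The prototype earlier in the file names the parameter key while the definition uses keyp; make them match.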
@@ -4039,11 +4049,12 @@ get_trusted_key(isc_mem_t *mctx)
 			fclose(fp);
 			return (ISC_R_FAILURE);
 		}
-		insert_trustedkey(key);
 #if 0
 		dst_key_tofile(key, DST_TYPE_PUBLIC,"/tmp");
 #endif
-		key = NULL;
+		insert_trustedkey(&key);
+		if (key != NULL)
+			dst_key_free(&key);
 	}
 	return (ISC_R_SUCCESS);
 }
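Review bot: When insert_trustedkey(&key) declines the key, get_trusted_key() frees it silently at "if (key != NULL) dst_key_free(&key);" and still returns ISC_R_SUCCESS, so keys beyond the MAX_TRUSTED_KEY limit checked in insert_trustedkey() are lost with no diagnostic. Consider printing a warning in that branch.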

Modified: stable/8/contrib/bind9/bin/dig/host.c
==============================================================================
--- stable/8/contrib/bind9/bin/dig/host.c	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/bin/dig/host.c	Sat Feb  5 19:13:34 2011	(r218334)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.116.216.3.10.2 2010/10/19 23:46:25 tbox Exp $ */
+/* $Id: host.c,v 1.116.216.5 2010-10-19 23:45:58 tbox Exp $ */
 
 /*! \file */
 

Modified: stable/8/contrib/bind9/bin/dig/nslookup.1
==============================================================================
--- stable/8/contrib/bind9/bin/dig/nslookup.1	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/bin/dig/nslookup.1	Sat Feb  5 19:13:34 2011	(r218334)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: nslookup.1,v 1.14.354.1 2009/07/11 01:55:20 tbox Exp $
+.\" $Id: nslookup.1,v 1.14.354.2 2010-02-23 01:56:02 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -54,7 +54,13 @@ when the first argument is a hyphen (\-)
 Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
 .PP
 Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
+.sp
+.RS 4
+.nf
+nslookup \-query=hinfo  \-timeout=10
+.fi
+.RE
+.sp
 .SH "INTERACTIVE COMMANDS"
 .PP
 \fBhost\fR [server]
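Review bot: The example line inside the new .nf block has two spaces between \-query=hinfo and \-timeout=10, and in no-fill mode that spacing is rendered exactly as typed. Use a single space unless the double space is intentional.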
@@ -248,5 +254,5 @@ Try the next nameserver if a nameserver 
 .PP
 Andrew Cherenson
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
 .br

Modified: stable/8/contrib/bind9/bin/dig/nslookup.docbook
==============================================================================
--- stable/8/contrib/bind9/bin/dig/nslookup.docbook	Sat Feb  5 17:05:29 2011	(r218333)
+++ stable/8/contrib/bind9/bin/dig/nslookup.docbook	Sat Feb  5 19:13:34 2011	(r218334)
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: nslookup.docbook,v 1.16 2007/06/18 23:47:17 tbox Exp $ -->
+<!-- $Id: nslookup.docbook,v 1.16.334.2 2010-02-22 23:47:53 tbox Exp $ -->
 <!--
  - Copyright (c) 1985, 1989
  -    The Regents of the University of California.  All rights reserved.
@@ -73,6 +73,7 @@
       <year>2005</year>
       <year>2006</year>
       <year>2007</year>

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


